shibboleth-dev - Re: Metadata 2.0
Subject: Shibboleth Developers
List archive
- From: Nate Klingenstein <>
- To:
- Subject: Re: Metadata 2.0
- Date: Thu, 13 Dec 2007 15:16:34 +0000
Franck,
This is for two reasons. First, an SP doesn't need to load its own metadata since it only communicates with the IdP. We included an IdP example so that if necessary the SP deployer could write metadata for their partners by hand. Why no SP example, then? The 2.0 SP includes a dynamic metadata generation handler for every application at, for example, https://yourhost.org/Shibboleth.sso/Metadata. It will attempt to synthesize accurate metadata for itself based on all its configuration files. Give it a try.
This is primarily due to a poor implementation of the metadata validator that's applied post XML edit. Stick to the embedded namespaces and avoid using TestShib as an example of anything. See for a better example:
Encryption should be enabled by default for our implementation of the 2.0 browser SSO profile, but this was added to a fairly recent revision of the IdP and I haven't tested it myself yet.
Probably somewhere on the https://spaces.internet2.edu/display/SHIB2/Configuration and https://spaces.internet2.edu/display/SHIB2/UnderstandingShibboleth pages. The fundamental model here is changing quite a bit in conceptual approach to reflect the new metadata generation handlers and to accommodate different deployment parameters, but a basic start would probably be useful. Thanks a lot for contributing, Nate. |
- Metadata 2.0, Franck Borel, 12/13/2007
- Re: Metadata 2.0, Nate Klingenstein, 12/13/2007
- Re: Metadata 2.0, Lukas Haemmerle, 12/18/2007
- RE: Metadata 2.0, Scott Cantor, 12/18/2007
- Re: Metadata 2.0, Lukas Haemmerle, 12/18/2007
- RE: Metadata 2.0, Scott Cantor, 12/13/2007
- Re: Metadata 2.0, Nate Klingenstein, 12/13/2007
Archive powered by MHonArc 2.6.16.